sfn-vault 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +2 -0
- data/README.md +25 -0
- data/lib/sfn-vault.rb +2 -1
- data/lib/sfn-vault/version.rb +1 -1
- metadata +2 -3
- data/lib/sfn-vault/utils.rb +0 -37
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 43a7d834b4a3055e1bc7f8897c6e66edb17bbfbf
|
|
4
|
+
data.tar.gz: 49906d11755f5468dc337e312a5d0fcbdeec7cbe
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 514752a1ee183b3210085cd7e90536c7144017d837a5b5197f8275e7c48414bb0648c53e89f6be41fb01dccaaa52da4e66214100aa24f5fdb86042f2a14bacd3
|
|
7
|
+
data.tar.gz: 3a007690f8ce3feef12d837f705cdbc50168ff4354a59c90134d1c269a79348ea0350fed68430584d9031ac59272b2c48b7779735caa81f4b26073b208963246
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -62,6 +62,31 @@ Configuration.new
|
|
|
62
62
|
end
|
|
63
63
|
~~~
|
|
64
64
|
|
|
65
|
+
The vault read callback will look for `VAULT_ADDR` and `VAULT_TOKEN` environment
|
|
66
|
+
variables by default, or you can set `vault_addr` and `vault_token` in the vault
|
|
67
|
+
section of your configuration. It is generally best to set these as environment
|
|
68
|
+
variables since the `.sfn `file should be checked into version control.
|
|
69
|
+
|
|
70
|
+
The following additional parameters can be adjusted by adding a `vault` section
|
|
71
|
+
to your `.sfn` config:
|
|
72
|
+
|
|
73
|
+
~~~ruby
|
|
74
|
+
Configuration.new
|
|
75
|
+
vault do
|
|
76
|
+
vault_addr 'http://127.0.0.1:8200'
|
|
77
|
+
vault_token 'vault-access-token'
|
|
78
|
+
# globally disable vault read callback
|
|
79
|
+
status 'disabled'
|
|
80
|
+
# customize the name of cache file
|
|
81
|
+
cache_file '.sfn-vault'
|
|
82
|
+
# customize vault api client retries
|
|
83
|
+
retries 5
|
|
84
|
+
# number of seconds to wait for iam creds to be ready
|
|
85
|
+
iam_delay 15
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
~~~
|
|
89
|
+
|
|
65
90
|
# Info
|
|
66
91
|
|
|
67
92
|
* Repository: https://github.com/webframp/sfn-vault
|
data/lib/sfn-vault.rb
CHANGED
|
@@ -111,7 +111,8 @@ module Sfn
|
|
|
111
111
|
# without the sleep the credentials are not ready
|
|
112
112
|
ui.info "Sleeping 30s for first time credentials system wide activation"
|
|
113
113
|
# this is arbitrary
|
|
114
|
-
|
|
114
|
+
timeout = config.fetch(:vault, :iam_delay, 15)
|
|
115
|
+
sleep(timeout)
|
|
115
116
|
api.connection.data[:vault_lease_id] = secret.lease_id # maybe unused?
|
|
116
117
|
api.connection.data[:vault_lease_expiration] = Time.now.to_i + secret.lease_duration
|
|
117
118
|
# update keys in api connection
|
data/lib/sfn-vault/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sfn-vault
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sean Escriva
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2017-01-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: sfn
|
|
@@ -87,7 +87,6 @@ files:
|
|
|
87
87
|
- bin/pry
|
|
88
88
|
- bin/sfn
|
|
89
89
|
- lib/sfn-vault.rb
|
|
90
|
-
- lib/sfn-vault/utils.rb
|
|
91
90
|
- lib/sfn-vault/version.rb
|
|
92
91
|
- sfn-vault.gemspec
|
|
93
92
|
homepage: http://github.com/webframp/sfn-vault
|
data/lib/sfn-vault/utils.rb
DELETED
|
@@ -1,37 +0,0 @@
|
|
|
1
|
-
require 'sfn-parameters'
|
|
2
|
-
|
|
3
|
-
module SfnParameters
|
|
4
|
-
# Common helper methods
|
|
5
|
-
module Utils
|
|
6
|
-
|
|
7
|
-
# Lock the given content
|
|
8
|
-
#
|
|
9
|
-
# @param content [Hash] content to lock
|
|
10
|
-
# @return [Hash] locked content
|
|
11
|
-
def lock_content(content)
|
|
12
|
-
content = content.to_smash
|
|
13
|
-
content.merge!(:sfn_lock_enabled => true)
|
|
14
|
-
safe = SfnParameters::Safe.build(
|
|
15
|
-
config.fetch(:sfn_parameters, :safe, Smash.new)
|
|
16
|
-
)
|
|
17
|
-
safe.lock(dump_json(content))
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
# Unlock given content
|
|
21
|
-
#
|
|
22
|
-
# @param content [Hash] content to unlock
|
|
23
|
-
# @return [Hash] unlocked content
|
|
24
|
-
def unlock_content(content)
|
|
25
|
-
content = content.to_smash
|
|
26
|
-
if(content[:sfn_parameters_lock])
|
|
27
|
-
safe = SfnParameters::Safe.build(
|
|
28
|
-
config.fetch(:sfn_parameters, :safe, Smash.new)
|
|
29
|
-
)
|
|
30
|
-
load_json(safe.unlock(content)).to_smash.merge(:sfn_lock_enabled => true)
|
|
31
|
-
else
|
|
32
|
-
content
|
|
33
|
-
end
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
end
|
|
37
|
-
end
|